If you visited RollCall.com on a mobile device recently, you may have noticed a pop-up ad announcing that “You’ve been selected for a chance to get the $1,000 Amazon Gift Card, Apple iPhone X 256G or Samsung Galaxy S8!” (or something similar).

Sadly, you didn’t win anything. We know other news websites have had this issue as well, so you may have seen the same ad or a similar one elsewhere.

Why did you get this ad, and what does it mean? Here’s what happened, how we responded and what we can do to help.

Example pop up you might see on your device

What happened?

Roll Call.com is free because we rely on advertising to offset our costs. To serve our online ads, we use Google DoubleClick For Publishers (or Google DFP), an ad sales management platform. Our advertising team was alerted that a “malicious ad” had gotten on the network. Luckily, it was from a specific vendor, and we were able to quickly shut off its access to our ad rotation. “Problem solved!” or so we thought. As we further diagnosed the problem, we discovered additional steps were necessary to mitigate the issue.

As soon as a bad actor was discovered, we were alerted, and we acted immediately. However, malicious advertisers can be wily, and they could crop up again.

Why are we showing these pop-ups? you might ask

We don’t want to interrupt your reading experience. Our goal is to give you the information you are looking for as fast and effectively as possible. Even our staff was stymied by the pop-ups. Our relationship with you is very important, and we are not keen to put you in a situation where your only options are to quit the application, or simply leave our site.

Once we turned off the offending ads, there was nothing left of the bad code. This doesn’t mean a bad actor won’t slip by an ad service again. It’s a never-ending cat-and-mouse struggle. We do our best to ensure our ads are reputable, and many times we serve “house ads” which simply showcase our exciting content, such as opinion pieces, election coverage and data visualization.

Detailed steps to make the pop-ups go away

If you’re still experiencing problems, the best way to make sure you don’t see this malicious ad again is to clear your cookies, cache, and browser history.

Once inside the Privacy tab, tap on “Clear browsing data” (the large button at the bottom).

How to clear cookies, cache, and history in Chrome for iOS:

Open Google Chrome on your iPhone or iPad, tap on the Triple Dot menu and click on “History.”

Click on “Clear Browsing Data …”

Select which browsing data to clear (“Browsing History,” “Cookies, Site Data,” “Cached Images and Files”), then tap on “Clear Browsing Data” at the bottom.

How to clear cookies, cache, and history in Safari for iOS:

Launch the Settings app from the home screen of your iPhone or iPad. Scroll down and tap on Safari.

Scroll to the bottom and tap on “Advanced.” Tap on “Website Data.”

Scroll to the bottom again and tap on “Remove All Website Data.” Confirm again you’d like to delete all data.

When all else fails …

You may need to delete and restore an app or reboot your device completely if your screen is stuck and you can’t do anything. If it’s really bad, it wouldn’t hurt to restore your device to a known good state.

General advice

Don’t click on suspicious links, especially when you’re on important sites like banking websites.

If possible, navigate to your site of choice by typing its URL or using a bookmark.

Some devices can use malware detection software or applications.

You can also disable pop-ups in some browser/device combinations.

Never share passwords or other sensitive data through channels you aren’t sure about.

In the end, you are your best firewall. Your behavior goes a long way toward ensuring you don’t get hacked. As long as you have a good backup strategy, you will never lose your data. With cloud storage becoming more prevalent, it’s even less of a concern. The good news, in this case, is that unless you clicked on the ad and shared your personal information, that information didn’t end up in the wrong hands — and you likely weren’t hacked.